Creating Access to Just Web Ports and Management Console

Feb 28, 2012, 9:30 PM

Alright I'm running a very simple home setup (a few computers, a few iPhones, iPads, XBOX's, etc…)

I want to allow access for everyone just to main ports (80, 443) and for just my devices to the admin management interface.

Will the below screenshot show this correctly or am I going to run into problems? (Assume the alias's are correct)

I also edited out the part where it allows all on the lan.

Image edited per root2020's comment

root2020 · Feb 28, 2012, 10:24 PM

Wouldn't you put Alldevices & AdminDevices under the source column? Unless the Destinations "Alldevices" are Aliases for IP's for domains like google, microsoft, mydomain or your firewall LAN IP.

Feb 28, 2012, 10:32 PM

Yes sorry I'll fix that real quick.

root2020 · Feb 29, 2012, 6:40 PM

Interpretation of your two firewall rules, this is what will happen:
Rule#1: All your devices will be able to connect to port 443 and 80 on your firewall and every other server on the internet. They will not be able to connect to DNS on port 53 to look-up domain to IP, so no internet.
Rule#2: All you Admin Devices will be able to connect to your admin ports on you firewall and 443 and 80 to websites on the internet. Probably the same issue with DNS as in Rule#2.

You probably want to set it up like the guide shows.
http://doc.pfsense.org/index.php/Restrict_access_to_management_interface